# HashiCorp Vault Demo Setup 

## Setup of the Demo

This setup is tested on macOS and is meant to simulate a distributed setup. The components used in this demo are:
- Vault Enterprise running in Docker (to simulate an external Vault)
- The Vault CLI, installed locally

This assumes your Vault server is installed using Docker and is already running on http://127.0.0.1:8200,
and that you have set your `VAULT_ADDR` and `VAULT_TOKEN` variables.

## Requirements to Run This Demo
You will need Visual Studio Code installed with the Jupyter plugin. To run this notebook in VS Code, choose the Jupyter kernel and then Bash.
- To run the current cell, use Ctrl + Enter.
- To run the current cell and advance to the next, use Shift+Enter.

# Setup Vault

In [None]:
# For this demo, we will be passing our doormat credentials as environment variables.
# For non-doormat scenarios, use your configured IAM programmatic credentials in the secret sync configuration later on.
export VAULT_PORT=8200
export VAULT_ADDR="http://127.0.0.1:${VAULT_PORT}"
export VAULT_TOKEN="root"

# Change the path to your license file (quoted so paths containing spaces work)
export VAULT_LICENSE="$(cat "$HOME/Documents/Misc/vaultControlGroup/vault.hclic")"

# Refresh Vault docker image with latest version
docker pull hashicorp/vault-enterprise

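# Run Vault in Docker in dev mode with an Enterprise license.
# Dev mode keeps all data in memory and starts unsealed with the root token set above, so nothing persists after the container stops.
# We have set VAULT_LOG_LEVEL to trace for troubleshooting purposes. This will allow you to view detailed information as you test.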
# docker run -d --rm --name vault-enterprise --cap-add=IPC_LOCK \
# -e "VAULT_DEV_ROOT_TOKEN_ID=${VAULT_TOKEN}" \
# -e "VAULT_DEV_LISTEN_ADDRESS=:${VAULT_PORT}" \
# -e "VAULT_LICENSE=${VAULT_LICENSE}" \
# -e "VAULT_LOG_LEVEL=trace" \
# -p ${VAULT_PORT}:${VAULT_PORT} hashicorp/vault-enterprise:latest

# Pinned to 1.15-ent because 1.16.1 no longer supports AWS session tokens for secrets
docker run -d --rm --name vault-enterprise --cap-add=IPC_LOCK \
-e "VAULT_DEV_ROOT_TOKEN_ID=${VAULT_TOKEN}" \
-e "VAULT_DEV_LISTEN_ADDRESS=:${VAULT_PORT}" \
-e "VAULT_LICENSE=${VAULT_LICENSE}" \
-e "VAULT_LOG_LEVEL=trace" \
-p ${VAULT_PORT}:${VAULT_PORT} hashicorp/vault-enterprise:1.15-ent


In [None]:
# Verify that Vault is running
docker ps
echo
vault status

In [None]:
# Verify license features (Vault CLI flags must come before the path argument)
vault read -format=json sys/license/status
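
Because `docker run -d` returns before Vault is listening, the verification cells can race the server. The helper below is an added example, not part of the original notebook: it polls `vault status -format=json` and checks that the server is initialized, unsealed and on the pinned 1.15 Enterprise line. The function names and the sample JSON are constructed for illustration, and the `+ent` check assumes Enterprise builds report versions such as `1.15.6+ent`.

```shell
# Added example: helper names and SAMPLE_STATUS are constructed for illustration.
SAMPLE_STATUS='{
  "type": "shamir",
  "initialized": true,
  "sealed": false,
  "version": "1.15.6+ent",
  "storage_type": "inmem"
}'

# Print one scalar field from pretty-printed JSON on stdin (grep/sed only, no jq).
json_field() {
  grep -o "\"$1\"[[:space:]]*:[[:space:]]*[^,}]*" | head -n1 |
    sed -e 's/^[^:]*:[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

# Return 0 only for an initialized, unsealed Enterprise server whose version
# starts with the pinned prefix; distinct non-zero codes name the failed check.
check_vault_status() {
  local json="$1" pin="$2" init sealed version
  init=$(printf '%s\n' "$json" | json_field initialized)
  sealed=$(printf '%s\n' "$json" | json_field sealed)
  version=$(printf '%s\n' "$json" | json_field version)
  [ "$init" = "true" ] || { echo "vault is not initialized" >&2; return 1; }
  [ "$sealed" = "false" ] || { echo "vault is sealed" >&2; return 2; }
  case "$version" in
    "$pin"*) ;;
    *) echo "version '$version' does not match pin '$pin'" >&2; return 3 ;;
  esac
  # Assumption: Enterprise builds report a "+ent" suffix in the version string.
  case "$version" in
    *+ent*) ;;
    *) echo "version '$version' is not an Enterprise build" >&2; return 4 ;;
  esac
}

# Poll the live server until the checks pass or the attempts run out.
wait_for_vault() {
  local pin="$1" tries="${2:-15}" out
  while [ "$tries" -gt 0 ]; do
    out=$(vault status -format=json 2>/dev/null) &&
      check_vault_status "$out" "$pin" 2>/dev/null && return 0
    tries=$((tries - 1)); sleep 1
  done
  echo "vault did not become ready on the $pin line" >&2
  return 1
}

# Offline self-check on the constructed sample; live use: wait_for_vault "1.15." 30
check_vault_status "$SAMPLE_STATUS" "1.15." && echo "sample status passes"
```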

# Clean up

In [None]:
# Stop Vault container
docker stop vault-enterprise